Can you protect the data and digital information systems that are the lifeblood of your enterprise without providing the people who use these systems with relevant security training? This question has been thrown into sharp focus by findings from two separate surveys commissioned this year by ESET. In the first, a U.S. survey carried out in February, Harris Interactive found that only 32% of employed adults had received computer security training; in the second study, carried out in August, 68% of respondents answered "never."

While data security might sound like a technical challenge, there is also a large and important human factor involved. This human factor is particularly important when an organization becomes a target of attack for cyber criminals. The natural focus of investigations into such attacks is the technology they use and abuse, but the actions of users and operators of the systems being attacked are often critical to the success or failure of such attacks.

Consider the finding in Verizon's "2012 Data Breach Investigations Report" that 37% of breaches, measured by records breached, were exposed through “social” tactics, more than half of which were classified as classic “social engineering” (other social factors included solicitation/bribery, phishing, and elicitation). The report described social engineering as:

“a strategy designed to circumvent the typically more mature security measures in place at larger organizations. Why spend time searching for a way to exploit the specific technologies and weakness of a single company when every company contains people with the same basic vulnerabilities?”

Surveys are not foolproof, but when two independent studies produce almost identical results, they should be taken seriously. These results have serious implications, the most immediate being that we must do better: we must teach more people how to defend their digital devices and the personal information they store and access. We also need to create a more security-savvy workforce that can help, rather than hinder, the goal of protecting vital business processes, critical digital infrastructure, and valuable intellectual property.

ESET is committed to playing a leading role in increasing the percentage of people who receive security awareness training, making them the majority, not the minority. That's why many ESET products now include basic security training. It is also why ESET is a keen supporter of Securing Our eCity, which is setting the standard for community-wide security awareness.

As long as high-tech security measures can be beaten by low-tech attacks that exploit our human weaknesses — such as inadequate knowledge and understanding — our data and systems will remain at risk of serious compromise.